FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-0883

This CVE name corresponds to:

Entered Topic
2006-03-12 openssh -- remote denial of service

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2006-0883
Phase Assigned(20060224)

Description

OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.

References

Source Reference
CONFIRM http://bugzilla.mindrot.org/show_bug.cgi?id=839
FREEBSD FreeBSD-SA-06:09
BID 16892
VUPEN ADV-2006-0805
OSVDB 23797
SECTRACK 1015706
SREASON 520
XF openssh-openpam-dos(25116)